The following Support options are available:
- Service Desk: The Service Desk will be able to assist with support queries and will forward on other queries to the correct team. The Service Desk is located in the DMS Watson Science Library, Malet Place. The Service Desk web page provides details on opening times and a location map.
Issues and information
- 1.) Mac machines running Sophos - upgrade to Sophos 9
- 2.) Mac machines running older 3.0 anyconnect clients - upgrade to 3.1
- 3.) Windows machines running Fsecure - firewall issue
- 4.) Windows machines running Fsecure - upgrading to latest version
- 5.) Windows 8 [UPDATED]
- 6.) Linux connectivity issue [UPDATED]
- 7.) Local printing
1.) Mac machines running Sophos - upgrade to Sophos 9
Issues with Sophos anti-virus running on Macs are now resolved with Sophos 9.
Please update your Sophos anti-virus installation to Sophos 9 from the UCL software database
This will install over the top of Sophos 8 - there is no need to uninstall Sophos 8 before installing Sophos 9.
Once installed, enter the Sophos username and password to allow the application to connect to the database (this username and password can be found on the Sophos page on the UCL software database)
Once this is configured, click on the Sophos icon, and then "Update Now" and wait for it to download all virus
You will initially see the Update Window just say "downloading". It will sit like this for quite a while - possible around 5 minutes. Eventually it will begin to download the actual definitions and will display "Downloaded x.xMB". Once this has finished this screen will say "Sophos Anti-Virus is up to date". Then connect to the VPN AnyConnect client.
You MUST wait for all of this to complete, otherwise the VPN client will report the anti virus is out of date.
2.) Mac machines running older 3.0 AnyConnect clients - upgrade to 3.1
The new software running on the servers should cause your VPN client to automatically update from the older 3.0 version to the new 3.1 version.
To check which version of the client you are running, click on the AnyConnect icon and then Choose "About Cisco AnyConnect".
If for any reason this automatic upgrade does not happen, you may have connection issues. You can manually un-install the 3.0 client and manually upgrade to the new client
Uninstall the AnyConnect VPN client by running the following command in a terminal window:
Install the standalone VPN AnyConnect client from the link at the bottom of the URL:
When prompted, enter the server name vpn.ucl.ac.uk
Attempt to connect to the VPN service.
3.) Windows machines running Fsecure - firewall issue
Currently Fsecure firewall may not be detected due to FSecure updates. This is affecting all Fsecure version 11 users and some users on FSecure version 10. If you are affected, as a temporary workaround, enable the Windows firewall.
This has been raised as a bug with Cisco and information will be posted here when this is resolved and the Fsecure firewall is detectable again allowing users to turn off the Windows firewall
4.) Windows machines running Fsecure - upgrading to latest version
If you wish to upgrade to the latest version of FSecure, (which we highly recommend) this is available on the UCL software database http://swdb.ucl.ac.uk/package/view/id/166?filter=virus.
Once FSecure is initially installed, and the initial definitions have downloaded, open the FSecure application. It will still say "Finishing Installation". Wait for this to say "Installation complete". You will notice more virus definitions download.
Once this is all done, you will then be able to access the VPN service.
Please be patient - this can take a long time. Until FSecure has completely finished downloading, you will not be able to use the VPN client.
5.) Windows 8 - NOW SUPPORTED on a best efforts basis.
After a period of testing, we are now able to support the AnyConnect VPN client running on the Windows 8 Operating System.
However, due to limited knowledge of the Windows 8 Operating System, support will be provided on a "best efforts" basis.
PLEASE NOTE: there is a known incompatibility between machines running Windows 8 and WinPcap service "Remote Packet Capture Protocol" distributed with Wireshark and the VPN will not work correctly.
6.) Linux connectivity issue - 64-bit systems [UPDATED]
A number of users have reported issues with the 64bit Linux client not working with various Linux flavours.
The error message presented is: Login Denied. Your environment does not meet the access criteria defined by your administrator
The error appears to be related to where Linux distributions place SSL certificate as well as certain library requirements. At present we cannot find a new workaround to get the AnyConnect working natively on 64-bit Linux. The previous notes are still available - see below - but it has been noted by a few users that these no longer resolve the connectivity issue.
However, a workaround to run the Cisco 32-bit client on a 64-bit Linux machine is outlined below. This provided a successful VPN connection within 32-bit Linux (running LXDE) inside a virtual machine hosted within 64-bit Linux (running KDE).
This is only a guide, but was successful for one Linux user who provided us with their steps.
1. Install kvm and a network bridge (this will be distribution-specific).
2. Use kvm set up a virtual machine with network bridging enabled through a static MAC address.
3. On the virtual machine install a 32-bit ISO equivalent of the Linux distribution.
4. Ensure successful network bridging (this may may require writing a distro-specific script).
5. Update and patch the 32-bit install through the virtual machine and if not present install Firefox.
6. Download and install the 32-bit Linux Cisco client onto the VM from the UCL website (it might NOT work).
7. Check for any missing dependencies (e.g. sudo /opt/cisco/anyconnect/bin/vpnui) and install them.
8. Run `firefox vpn.ucl.ac.uk' and the Sun Java Applet will work in establishing a VPN.
For a native 32-bit Linux box, only steps 6-8 are necessary.
We would appreciate any feedback from users who might find a solution so that we can post it here.
Older notes - 32-bit systems and older 64-bit systems
A common error message among 32bit Linux systems is: Anyconnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.
This is to do with where Linux places certificates. See the Linux AnyConnect Problems page for instructions on how place the certificates in the correct location for the VPN AnyConnect client to work.
Other connectivity issues have been reported. We are
looking into this. However, Linux is an unsupported Operating System and
support can only be provided on a "best efforts" basis.
7.) Local printing
For security reasons, Local LAN access is not available when you are connected over the Remote Access VPN service. You therefore cannot access local network printers (i.e. wireless printers). A work around is to directly connect the printer to your computer via USB.
- Connecting the VPN client will securely connect you to UCL. As part of this process, existing network connections will be terminated and need to be re-established. For example: If you wish to use a voice application (such as Skype), it is recommended that you start the VPN client and then start your call to avoid disruption to your conversation.
Page last modified on 25 nov 13 10:40